General Security Governance

  • Certification - ISO 27001 and ISO 9001.
  • Have an Information Security Officer who is formally chartered with the responsibility for information security.
  • Security Program is audited by an independent third party periodically.
  • Penetration tests on all systems are performed periodically by a third party.
  • Security of vendors and/or sub-contractors is assessed.
  • Incident response procedure is in place.

Resource Security

  • Background checks of employees before joining.
  • Regular staff training on current security system and best practices.

Physical & Environmental

  • 24x7 surveillance CCTV systems are installed; only the CEO, the COO and any other person authorized by the CEO have access to the CCTV system.
  • 24x7 Security Guards at entry & exit gate.
  • Screening of visitors/employees by a security guard during entry and exit for data storage media like CDs, USB drives etc.
  • USB drives and CDs are banned from the work-floor.
  • Entry & Exit Registers
  • Physical Login Register
  • Biometric Time Attendance Systems
  • System for Physical Security breaches and conditions under which such breaches are notified to clients
  • 100% Power Backup
  • Proper monitoring systems for power supply, HVAC, temperature & other environmental controls in place
  • Full-fledged Fire Control Systems in place

Network

  • Configuration Guidelines for Network Equipment in place.
  • Firewalls in place.
  • Firewall Analyzer in place.
  • Use of a secured line (128-bit SSL) to access and transmit data (images) from servers.
  • Segmented LAN with firewall protection.
  • All ports except those of the DNS and SMTP servers are disabled from the external world.

System

(I) Server

  • Latest Windows operating system, kept up to date through updates and security patches.
  • Antivirus in place.
  • Login Records maintained.
  • Real-time backup of all data is done regularly, either in the client’s server farms or on our data servers, depending on the client’s choice.

(II) Computers/ Laptops

  • Latest Windows operating system, kept up to date through updates and security patches.
  • Antivirus in place.
  • Client Login Records maintained.
  • Access to source documents is restricted to authorized employees only.
  • No fax and printing capabilities at the processing site.
  • PCs used for processing do not have CD ROM drives.
  • PCs used in processing are denied web access.
  • Limited usage of paper on the work-floor.